forum.coppermine-gallery.net
Support => cpg1.4.x Support => Older/other versions => cpg1.4 miscellaneous => Topic started by: mahdi1234 on January 29, 2009, 08:13:34 pm
-
How about this one, do dev know it?
http://www.milw0rm.com/exploits/7909
-
Thanks for letting us know - that's a brand-new one. We'll look into this and come up with a resolution as soon as possible.
-
I can confirm this exploit. Working for a fix.
The patch given by the reporter unsets all variables which were registered because of register_globals on. I think this is the correct way.
-
cpg1.4.20 has just been released, which takes care of the exploit. See corresponding announcement thread cpg1.4.20 Security release - upgrade mandatory! (http://forum.coppermine-gallery.net/index.php/topic,57882.0.html)